Cryptanalysis of some chaos-based keyed hash functions by ZHENG Shi-hui1, ZHANG Guo-yan3, YANG Yi-xian1, LI Zhong-xian1

“…By employing the methods including statistic analysis,birthday attacks,and so on,the forging attacks and equivalent-key recovering attacks towards a categories keyed hash functions that are based on chaos systems were pro-posed.Meanwhile,the reasons for that these attacks succeed were analyzed and some suggestions for design keyed hash functions by using chaos systems were summarized.Finally,an improved scheme was presented.The scheme could resist the forging attacks and equivalent-key recovering attacks,while the increased workload could be neglected.…”
Get full text

Aksi Penyerangan Non-Player Character (NPC) Menggunakan Metode Naive Bayes pada Shooter Game by Edi Siswanto, Alfa Faridh Suni

“…While attacks decision is divided into firing attacks, grenade attacks, and melee attacks. …”
Get full text

Robustness evaluation of commercial liveness detection platform by Pengcheng WANG, Haibin ZHENG, Jianfei ZOU, Ling PANG, Hu LI, Jinyin CHEN

“…Liveness detection technology has become an important application in daily life, and it is used in scenarios including mobile phone face unlock, face payment, and remote authentication.However, if attackers use fake video generation technology to generate realistic face-swapping videos to attack the living body detection system in the above scenarios, it will pose a huge threat to the security of these scenarios.Aiming at this problem, four state-of-the-art Deepfake technologies were used to generate a large number of face-changing pictures and videos as test samples, and use these samples to test the online API interfaces of commercial live detection platforms such as Baidu and Tencent.The test results show that the detection success rate of Deepfake images is generally very low by the major commercial live detection platforms currently used, and they are more sensitive to the quality of images, and the false detection rate of real images is also high.The main reason for the analysis may be that these platforms were mainly designed for traditional living detection attack methods such as printing photo attacks, screen remake attacks, and silicone mask attacks, and did not integrate advanced face-changing detection technology into their liveness detection.In the algorithm, these platforms cannot effectively deal with Deepfake attacks.Therefore, an integrated live detection method Integranet was proposed, which was obtained by integrating four detection algorithms for different image features.It could effectively detect traditional attack methods such as printed photos and screen remakes.It could also effectively detect against advanced Deepfake attacks.The detection effect of Integranet was verified on the test data set.The results show that the detection success rate of Deepfake images by proposed Integranet detection method is at least 35% higher than that of major commercial live detection platforms.…”
Get full text

Secured Wireless Network Based on a Novel Dual Integrated Neural Network Architecture by H. V. Ramachandra, Pundalik Chavan, S. Supreeth, H. C. Ramaprasad, K. Chatrapathy, G. Balaraju, S. Rohith, H. S. Mohan

“…DINN is designed for any presence of deep learning-based attack in a physical security layer. DINN is evaluated considering the various machine learning attack such as basic_iterative_method attack, momentum_iterative_method attack, post_gradient_descent attack, and C&W attack; comparison is carried out on existing and DINN, considering attack success rate and MSE. …”
Get full text

RFID security authentication scheme based on Montgomery-form elliptic curve cryptography by Wumei ZHANG

“…For the issues that the existing RFID security authentication scheme based on elliptic curve cryptography （ECC）can not meet the requirements of mutual authentication,privacy protection and forward security,a RFID security authentication scheme based on Montgomery-form elliptic curve cryptography was proposed.This scheme uses the Montgomery elliptic curve to reduce the amount of computation,and to provide mutual authentication between the label and the server,and anonymity and forward security.The analysis showed that the scheme could resist replay attack,tag camouflage attack,server cheat attack,DoS attack,position tracking attack and clone attack.Compared with the existing schemes,the proposed scheme provides high security performance under low memory,computation and communication requirements,and it can meet the security requirements of the RFID system.…”
Get full text

Related-key impossible boomerang cryptanalysis on LBlock by Min XIE, Yan-li MU

“…The related-key impossible boomerang cryptanalysis and the strength of the lightweight block cipher LBlock against this method were investigated.A new attack on 22-round LBlock was presented combining impossible boomerang attacks with related-key attacks.A 15-round related-key impossible boomerang distinguisher was constructed.Based on the new distinguisher,an attack on 22-round LBlock was mounted successfully by concatenating 3-round to the beginning and 4-round to the end.The attack on 22-round LBlock required data complexity of only 2^51.3plaintexts and computational complexity of about 2 ^71.5422-round encryptions.Compared with published cryptanalysis results on 22-round LBlock,proposed attack has great advantages on data and computational complexities.…”
Get full text

Reinforcement Learning-Based Generative Security Framework for Host Intrusion Detection by Yongsik Kim, Su-Youn Hong, Sungjin Park, Huy Kang Kim

“…Protecting users’ systems from evolving cybercrime is becoming increasingly challenging. Attackers create more complicated attack patterns and configure attack behavior to resemble normal behavior to evade detection by defenders. …”
Get full text

New hash function based on C-MD structure and chaotic neural network by Liquan CHEN, Yuhang ZHU, Yu WANG, Zhongyuan QIN, Yang MA

“…In recent years, widely used hash algorithms such as MD5 and SHA-1 have been found to have varying degrees of security risks.The iterative structure of the SHA-2 algorithm is similar to that of SHA-1, making it vulnerable to attacks as well.Meanwhile, SHA-3 has a complex internal structure and low implementation efficiency.To address these issues, a keyed hash function was designed and implemented based on chaotic neural network and C-MD structure.The approach involved improving the Merkle-Damgard structure by proposing the chaotic neural network Merkle-Damgard (C-MD) structure.This structure can be used to design a hash function that can withstand attacks such as the middle attack, multiple collision attack, and second pre-image attack for long information.Besides, the chaotic neural network was used as the compression function to increase the complexity of the hash function and improve its collision resistance, while also enabling it to output multiple lengths.Moreover, a plaintext preprocessor was designed, which used the coupled image lattice to generate chaos sequence related to the length of the plaintext to fill the plaintext, thus enhancing the ability of the hash function to resist length expansion attacks.Simulation results demonstrate that the proposed hash function performs faster than SHA-2, SHA-3 and the same type of chaotic hash function proposed by Teh et al.It can resist second pre-image attack, multi-collision attack and differential attack, while also exhibiting better collision resistance and mapping uniformity.In addition, the proposed Hash function can output Hash values of different lengths, making it suitable for use in digital signature, key generation, Hash-based message authentication code, deterministic random bit generator, and other application fields.…”
Get full text

Exploring the vulnerability in the inference phase of advanced persistent threats by Qi Wu, Qiang Li, Dong Guo, Xiangyu Meng

“…Advanced persistent threats are long-term network attacks on specific targets with attackers using advanced attack methods. …”
Get full text

Temporal variation in black-caiman-nest predation in varzea of central Brazilian amazonia. by Kelly Torralvo, Robinson Botero-Arias, William E Magnusson

“…However, attacks by another species of predator do not appear to be necessary to initiate attacks by any other species of predator. …”
Get full text

EN-Bypass: a security assessment method on e-mail user interface notification by Jingyi YUAN, Zichuan LI, Guojun PENG

“…Email plays an important role in people’s daily communications, while also attracts the attention of hackers.Email is frequently used in phishing attacks, with email sender spoofing being a key step.To prevent sender-spoofing attacks, email vendors often deploy email security protocols such as SPF, DKIM, and DMARC to verify the sender’s identity.Moreover, some vendors add email UI notification mechanism on email clients to help users identify the real sender.However, there is no uniform standard in the implementation of the email UI notification mechanism, which varies among vendors.Whether the mechanism effectively prevents sender-spoofing attacks still needs verification.In this paper, the security evaluation of the email UI notification mechanism was studied to gain better understanding of its efficacy and to eventually protect users from sender-spoofing attacks.Ten world-famous email services were researched and evaluated, of which seven deployed the email UI notification mechanism.Consequently, a new type of sender-spoofing attack was proposed which was called EN-Bypass, aiming to bypass the email UI notification mechanism by forging the “From” and “Sender” fields in the email header.To verify the email UI notification mechanism’s security and reliability, EmailSenderChecker was implemented, which can automatically evaluate the existence of the EN-Bypass attack.The result shows that all seven email service vendors suffer from EN-Bypass attack.Attackers could bypass the email UI notification mechanism by constructing special email headers and spoofing the sender.Finally, to improve the mail service security, three suggestions about the email UI notification mechanism were proposed for the mail service vendors.…”
Get full text

IoT intrusion detection method for unbalanced samples by ANTONG P, Wen CHEN, Lifa WU

“…In recent years, network traffic increases exponentially with the iteration of devices, while more and more attacks are launched against various applications.It is significant to identify and classify attacks at the traffic level.At the same time, with the explosion of Internet of Things (IoT) devices in recent years, attacks on IoT devices are also increasing, causing more and more damages.IoT intrusion detection is able to distinguish attack traffic from such a large volume of traffic, secure IoT devices at the traffic level, and stop the attack activity.In view of low detection accuracy of various attacks and sample imbalance at present, a random forest based intrusion detection method (Resample-RF) was proposed, which consisted of three specific methods: optimal sample selection algorithm, feature merging algorithm based on information entropy, and multi-classification greedy transformation algorithm.Aiming at the problem of unbalanced samples in the IoT environment, an optimal sample selection algorithm was proposed to increase the weight of small samples.Aiming at the low efficiency problem of random forest feature splitting, a feature merging method based on information entropy was proposed to improve the running efficiency.Aiming at the low accuracy problem of random forest multi-classification, a multi-classification greedy transformation method was proposed to further improve the accuracy.The method was evaluated on two public datasets.F1 reaches 0.99 on IoT-23 dataset and 1.0 on Kaggle dataset, both of which have good performance.The experimental results show that the proposed model can effectively identify the attack traffic from the massive traffic, better prevent the attack of hackers on the application, protect the IoT devices, and thus protect the related users.…”
Get full text

The effect of neutrophil-lymphocyte ratio and thrombocyte index on inflammation in patients with periodic fever, aphthous stomatitis, pharyngitis, and adenitis syndrome by Vildan Gungorer, Alaaddin Yorulmaz, Husamettin Vatansev, Sukru Arslan

“…We observed a significant decrease in MPV values during the attack-free period compared to the control group, suggesting that subclinical inflammation continues in the attack-free period in PFAPA syndrome.…”
Get full text

A Novel Two-Stage Deep Learning Model for Network Intrusion Detection: LSTM-AE by Vanlalruata Hnamte, Hong Nhung-Nguyen, Jamal Hussain, Yong Hwa-Kim

“…Machine learning and deep learning techniques are widely used to evaluate intrusion detection systems (IDS) capable of rapidly and automatically recognizing and classifying cyber-attacks on networks and hosts. However, when destructive attacks are becoming more extensive, more challenges develop, needing a comprehensive response. …”
Get full text

Cryptanalysis of Loiss Stream Cipher-Revisited by Lin Ding, Chenhui Jin, Jie Guan, Qiuyan Wang

“…In this paper, based on solving systems of linear equations, we propose an improved Guess and Determine attack on Loiss with a time complexity of 2231 and a data complexity of 268, which reduces the time complexity of the Guess and Determine attack proposed by the designers by a factor of 216. …”
Get full text

First Report: Spodoptera Picta Guerin-Meneville, Armyworm on Swamp Lily (Crinum x powellii ‘Album’) in Bogor, Indonesia by Nadzirum Mubin, Khalisa Sasti Andina, Bela Hasna Audia

“…Armyworms are very common and can attack all types of plants. Attacking ornamental plants such as flowers is no exception. …”
Get full text

A Remote User Security Authentication Scheme Using Smart Card and Password Protection for WSN by Liping Liu

“…This scheme combines mutual authentication and dynamic identity to resist the impersonation attack, smart card stolen attack, distributed denial of service attack, dictionary attack and replay attack. …”
Get full text

Strategy of container migration and honeypot deployment based on signal game in cloud environment by Lingshu LI, Jiangxing WU, Wei ZENG, Wenyan LIU

“…Multi-tenant coexistence and resource sharing in the SaaS cloud pose serious security risks.On the one hand, soft isolation of logical namespaces is easy to be bypassed or broken.On the other hand, it is easy to be subjected to co-resident attacks due to sharing of the host operating system and underlying physical resources.Therefore it poses a serious threat to data availability, integrity and confidentiality in the container cloud.Given the problem that SaaS cloud services are vulnerable to container escape and side-channel equivalent resident attack, network deception technology increases the uncertainty of the cloud environment and reduces the effectiveness of attack by hiding the business function and characteristic attributes of the executor.Aiming at the security threat caused by the co-resident attack, combining dynamic migration and virtual honeypot security technology, the economical and reasonable network deception method was studied.Specifically, a container migration and honeypot deployment strategy based on the signal game was proposed.According to the security threat analysis, container migration and honeypot were used as defense methods.The former improved the undetectability of the system based on the idea of moving to target defense, while the latter confused attackers by placing decoy containers or providing false services.Furthermore, since network reconnaissance was the pre-step of the network attack chain, the attack and defense process was modeled as a two-person signal game with incomplete information.The sender chose to release a signal according to his type, and the receiver could only obtain the signal released by the sender but could not determine the type.Then, a game tree was constructed for the complete but imperfect information dynamic game, and the costs and benefits of different strategy combinations were set.The optimal deception strategy was determined by equilibrium analysis of attack-defense model.Experimental results show that the proposed strategy can effectively improve system security.Besides, it can also reduce container migration frequency and defense cost.…”
Get full text

Homomorphic signature schemes for single-source and multi-source network coding by Huifang YU, Wen LI

“…To solve the problems of pollution attacks of single-source and multi-source network coding,two homomorphic signature schemes for network coding were proposed.In homomorphic signature for single-source network,the message hash value was signed on the elliptic curve,then the message,hash value and the signature of hash value were output,and the receiving node could verify the signature,the elliptic curve signature based on homomorphism could resist intra/inter-generation pollution attacks.Homomorphic signature from pairings for multi-source network coding could resist pollution attacks,and the introduction of timestamp made it be capable to resist replay attacks.In the random oracle model,it proves that two schemes are all secure under the selective attacks.Analysis shows that two schemes can effectively improve the verification efficiency.…”
Get full text

A discovery strategy for APT anomaly based on homologous behavior analysis by Yihan YU, Yu FU, Xiaoping WU, Hongcheng LI

“…As APT（advanced persistent threat）attacks are increasingly frequently,higher requirements for the detection of APT attacks were proposed.It was an effective method to early discover the attack behavior of APT based on homologous behavior analysis.Aiming at the problem of low efficiency of data authentication caused by excessive data,the historical behavior database with data label technology was established and the database was stored in the cloud.Relying on the Hadoop platform and the aggregate computing ability of MapReduce and the pseudorandom permutation technique,the whole traffic parallel detection of the network was realized.In order to determine whether there was a APT attack behavior,the detection of APT attacks was implemented by comparing the data labels in the database.Test results show that the proposed method can detect the abnormal behavior of APT from the network as soon as possibleand improve the efficiency of the whole data flow detection.…”
Get full text